 Welcome back everyone to theCUBE's coverage here at AWS re-invent. Our 11th year covering re-invent has been quite a journey. I'm John Furrier, host. Dave Vellante is at the analyst event getting Q and A with Adam Slepsky. Got George Gilbert, Shelley Kramer, a whole team is here. Got team coverage, Rob Hofe, Mark Albertson, Broadcasting Palo Alto, getting all the signal here at the event. It's been quite a journey to watch AWS over the past 11 years continue to grow. This year more than ever, you see a legit next level set of issues hitting, generative AI, so obviously the hot conversation, but the impact up and down across the stack is pretty significant, opens up all kinds of opportunities and challenges, one of them is security. We have a security expert here, Eric Brandewine, VP and distinguished engineer at Amazon Security, welcome to theCUBE. Great to see you. Thanks John, great to be here. So we were just talking before we came on camera about two things, well I want to start out of the gate. One is AWS now has a re-org with the security team. Stephen Schmidt is CSO, Chief Security Officer for Amazon, and Amazon has a security team, and we talked about generative AI and the fork in the road. So let's start with the AWS update, pretty notable focus that you guys have now one security to explain the current situation. So historically we cared about security across the company of course, and we had separate teams that handle different lines of business, but with Steve Schmidt taking this new role as Chief Security Officer, for the first time we have one security team that covers the entire company. And our biggest concern is that each of the teams that were already in place were competent, they were serving their businesses, they were enabling them to delight customers, and we have to make sure that we don't break that. We have to make sure that as we move forward and we appropriately centralize and consolidate our efforts that we enable each of those business line CISOs, each of those security teams to continue delighting their service teams and they can delight their customers. So is it the case that it's across all Amazon, which is very diverse business, you got retail, you got movies, you got studios, you got AWS, you got stores, you all kinds of things, you know, Twitch, all kinds of things out there. Is there a CISO for every kind of group or is it all one team, how does that work? So there's a CISO for every major line of business. So for example, we've got a CISO for the digital business, we've got a CISO for the consumer business, we've got a CISO for the AWS business, of course. But then there's a number of other security teams that are smaller and embedded with other parts of the business. For example, we have a security team on Kuiper. If you're going to be launching satellites into space, there's a whole different set of concerns. You can't touch them. Like once they're in orbit, they're gone, like you can't touch them. So you have to be able to do software updates securely. All of that stuff is ITAR restricted, international traffic and arms regulation. And so there's a whole new layer of security controls that you have to put onto everything starting from your development processes. And so we have a team that focuses on nothing but that because we need expertise there. So there's a lot of diversity there. And so the challenge is to figure out what data to share. We were talking about some of the things. What are some of the things that you're thinking about that's on your plate right now? I just holistically zoom out and go, okay, we got a wide aperture of security. What are some of the challenges that you guys think because it's not one model, one security framework can work. There are plenty of challenges, but the best opportunity that we have is that there's all of these smart people across the company that have completely different perspectives on these problems. And we've found all sorts of gems all over the organization that we've been able to use more broadly. And that addresses our big challenge, which is the cost to serve. We're not going to compromise on the security bar, but security is not cheap. And we want to make it such that our service teams can launch and launch securely, but they need to be able to launch faster and the cost of the security efforts we provide them has to go down. And so figuring out how we can automate, how we can centralize, how we can turn a whole bunch of the common work across the organization into structured tools and mechanisms so that the engineers can then focus on the thing that differentiates their business. Yeah, and Adam Szelecki mentioned that to me in my one-on-one, it's intrinsic to everything that we do. And he has this the same line, he has the same tone every time. Okay, got it, we got it. And that's important, part of this Amazon culture. So that's super cool. I love to revisit that. I want to focus to the question here at the event. Genervai is the hot topic. I heard there's a drinking game going on where every time someone said Genai, they do a shot and everyone's kind of stumbling around the hallways. But in all seriousness, how do we understand the path of Genervai because the good guys have a chance now to get better. But the bad news is the bad guys have the tools too. So you have a perspective on this. Absolutely, and that's the first fork in the road that you get to, is if Amazon is going to launch a generative AI powered service, the bar is going to be very high. We're going to do a tremendous amount of review and testing and validation to make sure that that service does exactly what we think it does and nothing else. If one of our customers in AWS is going to launch a generative AI powered service, they're going to invest similar care. The burden is again going to be high. Whereas our adversaries, they're just going to launch things. If you've got a trove of stolen data, like they'll point an AI at it, they'll start indexing it, they'll start asking questions. And if it hallucinates, who cares? Like maybe the key that you got out of it isn't valid, throw it away, ask again. If you want to attack someone's support processes, customer service, things like that, maybe a whole bunch of the context that generates are nonsensical. Who cares, generate more. And so there's an asymmetry there and we have to be prepared for this. The nice thing is that these aren't fundamentally new attacks, they're just efficiency gains in existing attacks. But the advantage that we have and what we're really going to double down on is that anywhere we learn across all of Amazon, we can apply that to all of our generative AI services, fleet learning. So anytime we get an adversarial example from any service, anywhere in the company, we can add that to our corpus of adversarial prompts and we can use that to make all of our models better. And so that scale there, we're using the scale of Amazon and the breadth and the diversity of Amazon as a benefit to us. You know, I remember when I first interviewed Steve Schmidt 2015, at that time, okay, again, this is dating myself, but back at that time, everyone, all the naysayers were saying, the cloud's not secure, we're better off on premises. What you just pointed out, I think illustrates that actually the cloud can be secure at a big time level because of the scale and data opportunity you guys have. Absolutely, I think it's very parallel to flying versus driving. If you ask a room of people, how many of you are above average drivers, everyone's going to put their hand up. Okay, go ahead. And if you're sitting on the tarmac, your flight has been delayed, you've been sitting in that stupid seat, it's two hours late, they're not giving you any updates, like let me get up there, let me in the cockpit, I'll fix this. I don't know how to fly a plane, I'm not competent, I'm not qualified, the pilots are more deeply trained than I am to drive a car, but I'm in the back. I don't have full visibility, I don't have full control and that's an uncomfortable place for a human being to be. And anytime you make a partnership with a service provider and it really is a partnership, anytime you do that, you're seating some control and that can be uncomfortable, that can be a hard thing to let go of, but the simple reality is that because of our scale, we have been able to invest. My largest customer as an AWS security engineer is AWS. My second largest customer is Amazon. And these are large going concerns. I mean, Amazon was a big company even before the cloud came along. And you look at the traditional infrastructure that Amazon used to run on. And this is our core competency. We were really, really good at it. And you look at what they get to run on today in AWS and there's absolutely no comparison. The amount of data available, the amount of control available, the scalability, the rate of new feature releases, like I am so much happier with our services running in the cloud than I was running on our traditional infrastructure and our traditional infrastructure was world-class. Let's talk about customer enablement. Great call out there by the way and great masterclass on Amazon security and the cloud, but now let's talk about customers. What does this enable them? Because now I'm the customer, I want to run securely on your cloud. Thank you very much for doing that work. What do I have to do? Because I want some control. I got data in there. So where do you see the enablement to be adaptable? Because that's one of the key features we heard in the keynote yesterday. Adaptability is the key to success in general AI. So this is something that we struggle with constantly is we're designing our services because there is no correct answer. There is no one size fits all. For your workload, a certain configuration may be entirely appropriate, but it may be wildly inappropriate for my workload. The thing that I love about the cloud is that it's democratized access to this stuff. It used to be that if you wanted a data center, you needed a team, you needed a staff, you needed to do vendor selection, you needed to negotiate a contract. You're looking at months on the short side. And if you wanted a high availability, you needed two data centers, like your budget just more than doubled. If you want to run a highly available application in AWS, you just launch a second instance in a different region. We're talking the cost of a cup of coffee. Yeah, and by the way, we just had a MasterCard on while you were waiting. They're talking about the rules in country for data, colo, they got a colo of the data in the country. Sovereign clouds. And so all of this sovereignty issues, like if we have a region there, just run in that region, you don't have to hire a bulldozer and a surveyor like start from a cement slab. And so you get the same kind of democratization in our security controls. Every single host, every single instance in a VPC is wrapped in a security group. You've got fine-grained network segmentation and you don't have to argue about like how many firewall ports do I have or do we have enough bandwidth to handle the east-west traffic. If you want encryption and we strongly encourage people to encrypt, great, use KMS. It's already integrated with all of the services. Key management, encryption is incredibly hard. Like it's super easy to just, you know, you pull down a crypto library and you encrypt some data. Like anyone can do that in five minutes. But to build a robust, secure, scalable, available crypto system is really difficult. We have a world-class team that has spent years getting there. And every single one of our service teams and every single one of our customers can take advantage of those years of investment and expertise with a couple of API calls. And I think, you know, the generative AI only makes that more available because now it's automating and scaling you guys because your services can scale with generative AI because you're generating, I mean, it's non-deterministic but that's good for the customer. Because they'll determine what's for them and they'll use gen AI for that. Right, and so we're really looking forward to some of the generative AI features that Adam and Swami talked about where we're incredibly hopeful this is going to make it much easier for customers to discover the bits and pieces of AWS that they need. Again, it's not one-size-fits-all. The things that are incredibly important to one customer may not matter at all to another customer. And so helping them discover these things, get the right configuration in place and to move forward more quickly and more cognitively. I mean, I think some of the things that are like the little trivial stuff like S3 buckets, other configuration mistakes are going to be flagged immediately. You get the best practices kind of coming in. My word, not your word, but like using all that data kind of be a best practice library for customers with one prompt. Hey, am I secure? No, you're not. You've got something hanging out there. I mean, that could be the case. I mean, that's what the future is right now, right? I mean, is it going to be that easy? Am I secure? Yes, you are. There's no such thing as am I secure? Because security is not a Boolean discipline. It's about understanding and managing risk. But the question that we are hopeful that we can answer, I think we're going to get there, is if I want to improve my security, what should I do right now? Making it actionable, and then taking the customer by the hand and helping them take those steps, making it as simple as possible for them to achieve that next level and then the level beyond that. I got to ask you, Eric, because I've been sitting on the cube and I'm trying to get some input on this, maybe because I'm just kind of riffing, but the first time I saw a 3D printer, I'm like, that's freaking amazing, because it was cool. I've never seen it before. It's building something. It's not printing. That's like a cool factor, a wow factor. Are we going to be soon in an age, or are we there now where the infrastructure can self-build pipelines or take dynamic policy-based actions where the AI gets smart around what's happening and can build scaffolding around something or maybe do something that's been initiated that could be in a best practice? Are we going to be at an era where the infrastructure could just provision itself dynamically around these cases? In that kind of 3D printer way, it's kind of maybe a bad analogy, but I'm envisioning magic happening. That's positive. I have a 3D printer and it is magical. Like it is incredible that I can conjure this object and then it exists, but they're slow. It's really boring to watch a 3D printer. And I think that some really revolutionary things are going to be coming, especially from our customers and our partners. So we've launched a bunch of these foundational things with Q and agents and things like that. And I'm really looking forward to seeing what our clever customers do with those things. But yes, a tremendous amount of the infrastructure and of the code that people write today, that people build today, is scaffolding. It's boilerplate. It's similar to other things that have come before and relieving the human from the burden of managing that stuff is going to be a huge advancement. Well, I'd love to unpack more. Great to have you on. I always love talking with you. It's like a master class. I like to know what's on your mind because you had a lot going on. Final question for you, as you look at today's event or this week's event, the keynotes, your swamis today, Adams yesterday, we've got Werner coming up. Got an ecosystem that's robust, building apps on top of AWS Resolve, Google. What are you most excited about? What are you thinking about these days? What's cool that you're working on? I know you're thinking about the whole organization thing, but what's on your mind and what are you excited about? So, obviously my day job revolves around the Amazon security organization and trying to figure out, and I'm not the only person doing this. We've got a large and very competent team. But what does it mean to be the Amazon security team? And honestly, it's trite and you expected this, but I'm most excited about what we're going to be able to do with generative AI. We have a whole bunch of projects in flight already using generative AI for security workloads for our own internal security needs. We had a couple of engineers go off and this was basically a weekend project. They pointed an AI at our security knowledge base and indexed it and made a chat bot. And this thing is not awesome. Like it hallucinates occasionally, it gives bad advice. It is so much better than anything we've ever had before. And it was a weekend's worth of effort. And if that's the ante, if that's how much it costs to get a seat at the table, imagine what's going to happen when we get a full service team involved and we really invest here. So I think that's going to be a transformative technology for us. I mean, I think that's the kind of value that this latency concept of getting action, not just latency packets, but that weekend project, they're already in value mode as default. And then it's just left in the finger. Imagine the next iteration, the next inference, adding more data in. So I think this is going to be creative, tsunami. It's so exciting because now the team has this direct visceral experience of it's not this huge complicated insurmountable hill to climb. Like look, like my colleagues just did this and it wasn't a huge investment, I should go do it too. And then the other engineers go, I got FOMO. I want to get out of the action. The ideas start sparking and things start happening. And I think that's why this return back to work is a cool thing. And whether you're doing it virtually or whatnot, this interaction and that group dynamic of inventing and building stuff and solving problems, you get the things faster. I mean, we index all our transcripts, it's really cool. And we got a little chat bot too. It's like, but it's great because it helps us get, what's the strategy for this company? And then the people who talked about it pops up. The vector embeds are beautiful. And it wasn't that hard to do. So great stuff, Eric. Great to have you on the queue. It was always a pleasure. Getting all the security action going on here. The thinking is, the key is the thinking with this generalized changing. The queue is reporting this on the ground here. The world has changed. Legit next level things happening. Weekend projects turned into innovation roads and then people working together, customers building value. This is what's going on here at Reinvent this year. Completely different vibe than any other year we've covered. We'll be back more coverage after this short break. Back to you in the studio.